Disabling automatic command approval in Copilot clients

Disable yolo mode to stop agents from running commands without approval.

Who can use this feature?

Enterprise owners

Note

This feature is in public preview and subject to change.

You can prevent users from using modes that enable automatic approval of agent commands in Copilot CLI and VS Code. The disableBypassPermissionsMode setting is defined in your enterprise's managed-settings.json file and applies to users on your enterprise's Copilot plan.

This setting blocks users from using:

  • The --yolo or --allow-all flag
  • The /yolo or /allow-all command
  • All runtime paths that enable combined bypass mode

This setting does not block individual flags such as --allow-all-tools or --allow-all-paths.

  1. In your enterprise's .github-private repository, create the managed settings file at copilot/managed-settings.json. If you haven't set a .github-private repository as your enterprise's source of agent configuration, see Preparing to use custom agents in your enterprise.

    The legacy path (.github/copilot/settings.json) is also supported.

  2. Add the following property.

    JSON
    {
  "permissions": {
    "disableBypassPermissionsMode": "disable"
  }
}